(57) Abstract:

PROBLEM TO BE SOLVED: To secure the 
confidentiality and secrecy of communication data by 
exchanging a cryptographic key in a single session, 
while utilizing the standard protocols of the Internet, 
etc. 

SOLUTION: A term of validity is defined for the
cryptographic key used in a single session, and the
communication time is managed by using first timers
27a, 27b or the like. When the expiration of the
validity of the cryptographic key comes near,
key-exchanging means 25a and 25b perform the
exchange (delivery) of a new cryptographic key by
using the security function of a wide-area network.
When old cryptographic key information and new
cryptographic key information coexist in SA databases
24a and 24b, the newest cryptographic key information
is selected by referring to a time stamp.
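
The scheme in the abstract can be sketched as follows. This is an added example, not code from the patent: the names SA, SADatabase and tick, the peer label and the rekey margin are assumptions, and os.urandom stands in for the real key exchange over the network's security function.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    key: bytes
    created: float   # time stamp recorded when the key was installed
    lifetime: float  # term of validity, in seconds

    def expires(self) -> float:
        return self.created + self.lifetime

class SADatabase:
    """Per-peer SA store in which old and new key entries may coexist."""

    def __init__(self, rekey_margin: float):
        self.rekey_margin = rekey_margin  # how long before expiry to rekey
        self.entries = {}                 # peer -> list of SA entries

    def install(self, peer: str, sa: SA) -> None:
        # Add the new entry without releasing the old one, so traffic
        # stays protected while both ends switch over.
        self.entries.setdefault(peer, []).append(sa)

    def select(self, peer: str, now: float):
        # Among unexpired entries, the newest time stamp wins.
        live = [sa for sa in self.entries.get(peer, []) if now < sa.expires()]
        return max(live, key=lambda sa: sa.created, default=None)

    def needs_rekey(self, peer: str, now: float) -> bool:
        sa = self.select(peer, now)
        return sa is None or now >= sa.expires() - self.rekey_margin

    def purge(self, peer: str, now: float) -> None:
        # Old entries are dropped only once their own validity has ended.
        self.entries[peer] = [sa for sa in self.entries.get(peer, [])
                              if now < sa.expires()]

def tick(db: SADatabase, peer: str, now: float, lifetime: float,
         new_key=os.urandom) -> SA:
    """Timer callback: rekey when expiry is near, return the SA to use."""
    if db.needs_rekey(peer, now):
        # Assumption: new_key(32) stands in for the negotiated key.
        db.install(peer, SA(new_key(32), now, lifetime))
    db.purge(peer, now)
    return db.select(peer, now)
```

Driving tick with a simulated clock shows the overlap window: between the rekey and the old key's expiry the database holds two entries for the peer, and select always returns the one with the later time stamp.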
[0003] At present, IPsec is defined as a security protocol for the Internet by
an RFC (Request For Comments), which defines a standard protocol. IPsec is made by
adding encryption and authentication functions to IP (Internet Protocol), which is a
fundamental protocol of the Internet. IKE (Internet Key Exchange) is also defined as a
protocol for exchanging the keys necessary for encryption or authentication.
[0004] The gateway unit functions as an interface between a local network (such as
an in-house network or home network) and a wide area network such as the Internet, and
it generally complies with a cipher communication protocol. The use of a gateway
unit (code gateway unit) having the encryption function can facilitate cipher
communication via the wide area network.

[0005] The encryption ensures the confidentiality and secrecy of short sessions. 
[0006] 

[The problems to be solved by the invention] 

In order to secure the confidentiality and secrecy of session groups such as
constantly maintained virtual private lines, or of sessions lasting a couple of hours
such as movie distribution, it is necessary to update the encryption keys regularly.
[0007] However, the communication channels used for temporary encryption of the
contents of the communication are released for the update of the encryption keys
(the communication channels, i.e., key information including encryption key data,
are referred to as Security Associations (SA) hereinafter). Therefore, the security
of the communication is not guaranteed during the period in which the encryption keys
are updated, which degrades the confidentiality and secrecy of the communication data
of the session.

[0008] Moreover, in the present situation in which always-on network connections
have become widespread, users may demand that confidentiality be secured by
making key exchanges every couple of hours while constantly maintaining a movie
stream application.

[0009] The current security function on the Internet cannot deal with exchanging
the encryption keys in a single session. Changing the specification of the security
function to update the encryption key during a single session is one solution;
however, with the generality of wide area networks taken into consideration, it is
very hard to achieve.

[0010] The invention has been made with the above taken into consideration.
The object of the invention is to realize the encryption key exchange in a single session 
using a standard protocol of the Internet, and to secure the confidentiality and secrecy 
of communication data 